Feb 21 2021
Nigerian Instagram star helped North Korean hackers in $1.3B scheme
A Nigerian Instagram star conspired with North Korean hackers to steal more than $1.3 billion from companies and banks in the U.S. and other countries, federal prosecutors said.
Ramon Olorunwa Abbas, 37, also known as “Ray Hushpuppi,” is being accused of helping three North Korean computer hackers steal the funds from companies and banks, including one in Malta, in February 2019, according to the Justice Department.
“North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers,” Assistant Attorney General John Demers of the Justice Department’s National Security Division said in a statement on Feb. 17.
Feb 20 2021
The What and Why of Ethical Hacking
Ethical hacking refers to gaining unauthorized access to a system through different strategies. An ethical hack is carried out by following the footsteps of real hackers who mean harm to the system. By duplicating their strategies ethical hackers can identify vulnerabilities in the system. Once these activities are identified there is a better chance of resolving the issues before actual hackers find a way to gain access to your system or application.
What do Ethical Hackers Do?
Ethical hackers are also known as “white hats“, they can be thought of as experts who perform security assessments to ensure that an organization’s security is not at risk. Companies hire teams of ethical hackers who help to identify system vulnerabilities and ensure that the security of the company is not compromised in any way. They generally follow four key protocols listed and explained below:
The What and Why of Ethical Hacking
![Nmap 6 Cookbook: The Fat-Free Guide to Network Security Scanning by [Nicholas Marsh]](https://m.media-amazon.com/images/I/513N7nPke6L.jpg)
Feb 10 2021
US Response to SolarWinds Hack Has Been ‘Disorganized’: Senators
The U.S. government’s response to a massive hack of government and corporate networks has been “disjointed and disorganized,” according to the leaders of the Senate Intelligence Committee, who are urging the Biden administration to appoint someone to lead the effort.
In a letter made public Tuesday, Democrat Sen. Mark Warner of Virginia, who chairs the committee, and Marco Rubio of Florida, the ranking Republican, said that the federal response to what U.S. officials say was a hack by a Russian intelligence agency “has lacked the leadership and coordination warranted by a significant cyber event, and we have little confidence we are on the shortest path to recovery.”
Experts say it make take months to oust the hackers from government networks, and the senators added that the threat the breach continues to pose to the country demands a single leader “who has the authority to coordinate the response, set priorities, and direct resources to where they are needed.”
Read the full story on NBCNews.com
Subscribe to DISC InfoSec blog by Email
Feb 04 2021
9 Course Ethical Hacking Bundle
![9 Course Ethical Hacking Bundle [PC/Mac Online Code]](https://images-na.ssl-images-amazon.com/images/I/51EQWIKoa%2BL._AC_.jpg)
Learn Ethical Hacking & Cyber Security with this training bundle This ’9 Course Ethical Hacking Bundle’ from Total Training is for beginners and IT pros looking to learn how to protect sites against cyber threats. Learn about Firewalls, Social Engineering, Cyber Anonymity, Cryptography, and more.
With this 9 Course Ethical Hacking Bundle, you will get the training you need to land an entry level Cyber Security position paying upwards of six figures! There are currently over a million Cyber Security job openings globally, and demand is greatly outpacing supply – which means more opportunity, job security, and higher pay for you!
9 Course Ethical Hacking Bundle
Courses Included:
Ethical Hacking: Social Engineering
Ethical Hacking: Recon and Footprinting
Ethical Hacking: Malware Development
Ethical Hacking: Honeypots, IDS and Firewalls
Ethical Hacking: Hacking Databases
Ethical Hacking: Hacking Applications
Ethical Hacking: Cyber Anonymity
Ethical Hacking: Cryptography for Hackers
Ethical Hacking: Wireless Hacking
Jan 23 2021
New Attack Could Let Hackers Clone Your Google Titan 2FA Security Keys via The Hacker News
Hardware security keys—such as those from Google and Yubico—are considered the most secure means to protect accounts from phishing and takeover attacks.
But a new research published on Thursday demonstrates how an adversary in possession of such a two-factor authentication (2FA) device can clone it by exploiting an electromagnetic side-channel in the chip embedded in it.
The vulnerability (tracked as CVE-2021-3011) allows the bad actor to extract the encryption key or the ECDSA private key linked to a victim’s account from a FIDO Universal 2nd Factor (U2F) device like Google Titan Key or YubiKey, thus completely undermining the 2FA protections.
“The adversary can sign in to the victim’s application account without the U2F device, and without the victim noticing,” NinjaLab researchers Victor Lomne and Thomas Roche said in a 60-page analysis.
“In other words, the adversary created a clone of the U2F device for the victim’s application account. This clone will give access to the application account as long as the legitimate user does not revoke its second factor authentication credentials.”
Source: New Attack Could Let Hackers Clone Your Google Titan 2FA Security Keys
Jan 18 2021
Introduction to Hacking
This book will show you how Hacking works. You will have a chance to understand how
attackers gain access to your systems and steal information. Also, you will learn what you
need to do in order to protect yourself from all kind of hacking techniques.
Structured on 10 chapters, all about hacking, this is in short what the book covers in its
pages:
- The type of hackers
- How the process of Hacking works and how attackers cover their traces
- How to install and use Kali Linux
- The basics of CyberSecurity
- All the information on malware and cyber attacks
- How to scan the servers and the network
- WordPress security & Hacking
- How to do Google Hacking
- What’s the role of a firewall and what are your firewall options
- What you need to know about cryptography and digital signatures
- What is a VPN and how to use it for your own security
Get this book NOW. Hacking is real, and many people know how to do it. You can protect
yourself from cyber attacks by being informed and learning how to secure your computer and
other devices.
Tags: Computer Security, Hacking, CyberSecurity, Cyber Security, Hacker, Malware, Kali Linux, Security, Hack, Hacking with Kali Linux, Cyber Attack, VPN, Cryptography
Dec 21 2020
SUPERNOVA, a backdoor found while investigating SolarWinds hack
While investigating the recent SolarWinds Orion supply-chain attack security researchers discovered another backdoor, tracked SUPERNOVA.
The investigation of the SolarWinds Orion supply-chain attack revealed the existence of another backdoor that was likely used by a separate threat actor.
After the initial disclosure of the SolarWinds attack, several teams of researchers mentioned the existence of two second-stage payloads.
Security experts from Symantec, Palo Alto Networks, and Guidepoint reported that threat actors behind the SolarWinds attack were also planting a .NET web shell dubbed Supernova.
Researchers from Palo Alto Networks revealed that the malicious code is a tainted version of the legitimate .NET library “app_web_logoimagehandler.ashx.b6031896.dll” included in the SolarWinds Orion software.
“In the analysis of the trojanized Orion artifacts, the .NET .dll app_web_logoimagehandler.ashx.b6031896.dll was dubbed SUPERNOVA, but little detail of its operation has been publicly explored.” reads the analysis published by Palo Alto Networks.
“SUPERNOVA differs dramatically in that it takes a valid .NET program as a parameter. The .NET class, method, arguments and code data are compiled and executed in-memory. There are no additional forensic artifacts written to disk, unlike low-level webshell stagers, and there is no need for additional network callbacks other than the initial C2 request. In other words, the SolarStorm attackers have constructed a stealthy and full-fledged .NET API embedded in an Orion binary, whose user is typically highly privileged and positioned with a high degree of visibility within an organization’s network.”
Source: SUPERNOVA, a backdoor found while investigating SolarWinds hack
Learning about .NET Malware by Going Over the SUNBURST SolarWinds Backdoor
httpv://www.youtube.com/watch?v=cMauHTV-lJg
Dec 13 2020
Suspected Russian hackers spied on U.S. Treasury emails
Hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Treasury Department and an agency that decides internet and telecommunications policy, according to people familiar with the matter.
Three of the people familiar with the investigation said Russia is currently believed to be behind the attack.
Two of the people said that the breaches are connected to a broad campaign that also involved the recently disclosed hack on FireEye, a major U.S. cybersecurity company with government and commercial contracts.
“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said National Security Council spokesman John Ullyot.
The hack is so serious it led to a National Security Council meeting at the White House on Saturday, said one of the people familiar with the matter.
Source: Suspected Russian hackers spied on U.S. Treasury emails – sources
RUSSIAN GOVERNMENT HACKING GROUP ‘APT29’ BEHIND CYBER HACK ON US GOVERNMENT
httpv://www.youtube.com/watch?v=FM66FgFk6Ls
U.S. Agencies Hit in Brazen Cyber-Attack by Suspected Russian Hackers
httpv://www.youtube.com/watch?v=vlVGnu7i0tY
#Sandworm: A New Era of #Cyberwar and the Hunt for the #Kremlin’s Most #Dangerous #Hackers Paperback
Dec 11 2020
U.S. Schools Are Buying Phone-Hacking Tech That the FBI Uses to Investigate Terrorists
A Gizmodo investigation has found that schools in the U.S. are purchasing phone surveillance tools from Cellebrite and companies that offer similar tools just four years after the FBI used it to crack a terrorism suspect’s iPhone.
In May 2016, a student enrolled in a high-school in Shelbyville, Texas, consented to having his phone searched by one of the district’s school resource officers. Looking for evidence of a romantic relationship between the student and a teacher, the officer plugged the phone into a Cellebrite UFED to recover deleted messages from the phone. According to the arrest affidavit, investigators discovered the student and teacher frequently messaged each other, “I love you.” Two days later, the teacher was booked into the county jail for sexual assault of a child.
The Cellebrite used to gather evidence in that case was owned and operated by the Shelby County Sheriff’s Office. But these invasive phone-cracking tools are not only being purchased by police departments. Public documents reviewed by Gizmodo indicate that school districts have been quietly purchasing these surveillance tools of their own for years.
In March 2020, the North East Independent School District, a largely Hispanic district north of San Antonio, wrote a check to Cellebrite for $6,695 for “General Supplies.” In May, Cypress-Fairbanks ISD near Houston, Texas, paid Oxygen Forensics Inc., another mobile device forensics firm, $2,899. Not far away, majority-white Conroe ISD wrote a check to Susteen Inc., the manufacturer of the similar Secure View system, for $995 in September 2016.
Source: U.S. Schools Are Buying Phone-Hacking Tech That the FBI Uses to Investigate Terrorists
Dec 08 2020
U.S. Cyber Firm FireEye Says It Was Breached by Nation-State Hackers
The cybersecurity company said the attack compromised its software tools used to test the defenses of its thousands of customers.
“I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities,” Kevin Mandia, the chief executive at FireEye and a former Air Force officer, said in a blog post published Tuesday. “The attackers tailored their world-class capabilities specifically to target and attack FireEye.”
The company said the attacker also accessed some internal systems and primarily sought information about government clients. FireEye said it has seen no evidence so far that data belonging to its customers had been compromised from the primary systems used to store it.
FireEye declined to comment on who it believed was behind the breach of its hacking tools, which experts said could potentially be leveraged in future attacks against its customer base, including a diverse array of U.S. and Western national-security agencies and businesses.
Source: U.S. Cyber Firm FireEye Says It Was Breached by Nation-State Hackers
FireEye, a Top Cybersecurity Firm, Says It Was Hacked by a Nation-State
httpv://www.youtube.com/watch?v=EcBAuJoj2Ks
Fireeye shares plunge after it says it was breached by suspected hackers
httpv://www.youtube.com/watch?v=xYIK23FYiyM&ab_channel=CNBCTelevision
Nov 29 2020
10 Best InfoSec Hacking Books
10 Best InfoSec Hacking Books
To download 10 Best InfoSec Hacking Books pdf
[pdf-embedder url=”https://blog.deurainfosec.com/wp-content/uploads/2020/11/10-best-InfoSec-hacking-books.pdf” title=”10 best InfoSec hacking books”]
To download 10 Best InfoSec Hacking Books pdf
[pdf-embedder url=”https://blog.deurainfosec.com/wp-content/uploads/2020/11/Metsploit-cheatsheet.pdf” title=”Metsploit cheatsheet”]
Nov 23 2020
LidarPhone Attack Transforms Smart Vacuum Cleaners Into Spying Tools
LidarPhone attack targets the lidar sensors in smart vacuum cleaners transforming them into microphones to record sounds and eavesdrop.
Describing LidarPhone in brief, the researchers stated, The fundamental concept of LidarPhone lies in sensing such induced vibrations in household objects using the vacuum robot’s lidar sensor and then processing the recorded vibration signal to recover traces of sounds. This sensing method is inspired by the principles of laser microphones that use reflected laser beams to sense sounds from vibrating objects. Although laser mics require sophisticated setups, the rotating lidar sensors are equipped with at least a laser transmitter and reflection sensor. This enables the key possibility to transform a lidar into a microphone.
Source: LidarPhone Attack Transforms Smart Vacuum Cleaners Into Spying Tools
« Previous Page — Next Page »
